Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Four suspects were
arrested October 21 among 8 charged for allegedly installing skimming devices
inside gas pumps across southern California and Nevada. – Southern
California City News Service

1. October
22, Southern California City News Service – (California; Nevada) Four
suspected of ‘skimming’ credit card numbers at gas stations in Long Beach,
elsewhere. The U.S. attorney in Los Angeles announced that 4 suspects were
arrested October 21 among 8 charged for allegedly participating in a scheme in
which they installed skimming devices inside pumps at gas stations across
southern California and in Las Vegas, Nevada. The suspects reportedly used a
large van to conceal the installation of the devices and would obtain
consumer’s financial information via Bluetooth-equipped devices, such as cell
phones and tablets.Source: http://www.presstelegram.com/general-news/20151021/four-suspected-of-skimming-credit-card-numbers-at-gas-stations-in-long-beach-elsewhere

• San Jose County,
California officials reported October 21 that the number of people sickened
with Shigella increased to 80 cases, with 12 taken to intensive care units. – San
Francisco Chronicle

13. October
21, San Francisco Chronicle – (California) Shigella outbreak
linked to South Bay restaurant grows. San Jose County health authorities
reported October 21 that the number of people sickened with Shigella increased
to 80 cases, 12 of which were taken to intensive care units, after each person
consumed food from the Mariscos San Juan restaurant following an October 18
outbreak that closed the establishment. The restaurant remains closed until
health authorities deem it is safe for the public. Source: http://www.msn.com/en-us/news/us/shigella-outbreak-linked-to-south-bay-restaurant-grows/ar-BBmhMCa

• U.S. military
officials announced October 22 that a Marine Corps fighter pilot was killed
October 21 when his aircraft crashed immediately after take-off from Royal Air
Force Lakenheath station in England. – Associated Press

14. October
22, Associated Press – (International) US fighter pilot killed after jet crashes in
England. U.S. military officials announced October 22 that a U.S. Marine
Corps fighter pilot was killed October 21 when his F/A-18C Hornet aircraft
crashed immediately after taking off from the Royal Air Force Lakenheath
station in England. The plane was among six San Diego-based aircraft returning
from a 6-month deployment in the Middle East.

• Passaic County,
New Jersey, officials reported that an 8-alarm fire at an apartment building
displaced up to 400 people October 21 and injured 2 firefighters. – WPIX 11
New York City; Associated Press

22. October
22, WPIX 11 New York City; Associated Press – (New Jersey) 2
firefighters hurt in Passaic apartment fire; hundreds displaced. Passaic
County officials reported that an 8-alarm fire at an apartment building
displaced up to 400 people October 21 after the fire began on the top floor and
spread to surrounding areas, injuring 2 firefighters. The incident was contained and the
Red Cross is assisting displaced residents. Source: http://pix11.com/2015/10/21/firefighter-injured-battling-6-alarm-fire-in-passaic-apartment-building/

Financial Services Sector

5. October
21, WLS 7 Chicago – (Illinois) ‘North Center Bandit’ strikes bank again, FBI
says. FBI officials are searching for a suspect dubbed the “North Center
Bandit,” believed to be responsible for 4 robberies at Chase and PNC Bank
branches in the Chicago area beginning August 21. The suspect’s most recent
alleged robbery occurred at a Chase Bank branch in North Ashland October 20. Source:
http://abc7chicago.com/news/north-center-bandit-strikes-bank-again-fbi-says/1044827/

For additional stories, see
items 1 above in Top Stories
and 2 below from the Energy Sector

2. October
22, WFOR 4 Miami – (Florida) Man charged in credit card skimming scheme. Police
in Miami-Dade County arrested a man October 22 for allegedly installing
skimming devices at gas stations across south Florida and for using the
financial information to create counterfeit cards. Authorities believe the
suspect obtained about 2,000 credit and debit card numbers. Source: http://miami.cbslocal.com/2015/10/22/man-charged-in-credit-card-skimming-scheme/

Information Technology Sector

18. October
22, Securityweek – (International) New NTP vulnerabilities put networks at risk.
The Network Time Foundation’s NTP Project released an update addressing 13
denial-of-service (DoS), directory traversal, memory corruption, authentication
bypass, and file overwrite vulnerabilities in the Network Time Protocol (NTP),
as well as a “crypto-NAK” issue that could allow an unauthenticated off-path
attacker to force Network Time Protocol daemon (ntpd) processes to peer with
malicious time sources, eventually gaining the ability to bypass security
mechanisms and change system time, among other activities. Source: http://www.securityweek.com/new-ntp-vulnerabilities-put-networks-risk

19. October
22, Softpedia – (International) Drupal releases version 7.41 to fix open
redirect vulnerability. Drupal’s developers released update 7.41 addressing
an open redirect vulnerability in the system’s Overlay module in which an
attacker could redirect Drupal admins, logged into their admin panel, to a fake
login page in order to harvest credentials. The vulnerability was previously
addressed, but incompletely patched in version 7.38. Source: http://news.softpedia.com/news/drupal-releases-version-7-41-to-fix-open-redirect-vulnerability-495083.shtml

20. October
22, Softpedia – (International) New ransomware infects computers via Windows
Remote Desktop Services. Researchers discovered a new strain of ransomware
that hackers are manually installing by brute-forcing user account passwords
onto Windows computers that have Remote Desktop or Terminal Services
connections open. Once installed, the ransomware encrypts files with a 2048-bit
RSA key and drops a file with information on how to pay the ransom. Source: http://news.softpedia.com/news/new-ransomware-infects-computers-via-windows-remote-desktop-services-495067.shtml

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"